HW notes
As everyone knows, this year's HW (the annual 护网 network-defense drill) is about to start again, so it is time to dig out the things kept at the bottom of the trunk.
Phishing email
A few days ago I received a phishing email and found that it had been relayed by a Philippine GOV mail server. It passed QQ's and Outlook's SPF checks cleanly, and even though Sender and From differed, the clients showed no "sent on behalf of" notice, which is very odd. I had meant to keep it for HW, but the hole has since been fixed: the Philippine mail server's interface has been closed.
Received: from 122.49.209.176 (unknown [122.49.209.176])
by newmx31.qq.com (NewMx) with SMTP id
for <admin@gksec.com>; Tue, 23 Feb 2021 18:42:12 +0800
X-QQ-FEAT: VZ9o1bCAgxXhJ5JjaEt64xNWpwNNeb4F
X-QQ-MAILINFO: MjJD59SVx+Lnzeh9os5Sktg2QqGdVW0rXWRQY8pvTDa60pdQeZcNkDc/i
A8WS9EiTJPrp68xjxS9vMpGY8ClErEw4lV6Sr9PgtgJgkcGsgrn
X-QQ-mid: mxszc62t1614076931tl7z8vacc
X-QQ-ORGSender: test@gmail.com
X-QQ-XMAILINFO: NiR88pJ0cSzWnlX2bctiNgDW4Q46hp/t3ki4Q/q4Nn2BreiQ41mpqxfzDygEfJ
Received: from localhost (localhost [127.0.0.1])
by mail.marina.gov.ph (Postfix) with ESMTP id B34094C0EF54;
Tue, 23 Feb 2021 18:40:40 +0800 (+08)
Received: from mail.marina.gov.ph ([127.0.0.1])
by localhost (mail.marina.gov.ph [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id pTt6-K3cQPy6; Tue, 23 Feb 2021 18:40:40 +0800 (+08)
Received: from localhost (localhost [127.0.0.1])
by mail.marina.gov.ph (Postfix) with ESMTP id 8C4D94C0F408;
Tue, 23 Feb 2021 18:40:40 +0800 (+08)
X-Virus-Scanned: amavisd-new at mail.marina.gov.ph
Received: from mail.marina.gov.ph ([127.0.0.1])
by localhost (mail.marina.gov.ph [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id C3dUTC9xbHzF; Tue, 23 Feb 2021 18:40:40 +0800 (+08)
Received: from [192.168.0.192] (unknown [10.0.0.1])
by mail.marina.gov.ph (Postfix) with ESMTPSA id E11FC4C0EF54;
Tue, 23 Feb 2021 18:40:28 +0800 (+08)
Content-Type: multipart/alternative; boundary="===============0586596872=="
MIME-Version: 1.0
Subject: DONATION
To: Recipients <test@gmail.com>
From: test@gmail.com
Date: Tue, 23 Feb 2021 11:40:13 +0100
Reply-To: azimpemji158@gmail.com
Message-Id: <20210223104028.E11FC4C0EF54@mail.marina.gov.ph>
You will not see this in a MIME-aware mail reader.
--===============0586596872==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
The sum of $790,000USD has been donated to you by Mr. Azim Hashim, Respond =
back for more details email via azimpemji158@gmail.com=20
--===============0586596872==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3Diso-8859-1"/></head>The sum of $790,000USD has been donated to you by Mr=
. Azim Hashim, Respond back for more details email via azimpemji158@gmail.c=
om
</html>
--===============0586596872==--
A quick look at the headers suggests the attacker exploited a vulnerability in the Philippine government mail system to gain control of the mail server and then sent phishing email in bulk: the earliest Received hop shows the message being accepted by mail.marina.gov.ph with ESMTPSA (an authenticated submission) from an internal address, after which it was relayed out to QQ's MX under the government server's name.
So I just grabbed it and fired it off with swaks; below are partial screenshots from my successful test.
This suggests a new angle: do the big providers' mail servers treat gov domains as a whitelist?
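Working through the headers quoted above with a small script, as an added example that is not part of the original post: it parses the Received chain (earliest hop first), checks whether the hop that accepted the submission used authenticated SMTP (ESMTPSA) and whether the header From domain aligns with that relay in the DMARC sense, and flags the Reply-To mismatch and the recipient who appears only in the envelope. The sample header block is a trimmed copy of the one in the post; the function names and the suffix-based alignment test are my own assumptions, not any mail provider's logic.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: the header block of the message quoted in the post,
# trimmed to the hops that matter (the amavisd loopback hops and the MIME
# body are left out). From/Reply-To/Message-Id are the values from the post.
SAMPLE = """\
Received: from 122.49.209.176 (unknown [122.49.209.176])
    by newmx31.qq.com (NewMx) with SMTP id
    for <admin@gksec.com>; Tue, 23 Feb 2021 18:42:12 +0800
Received: from localhost (localhost [127.0.0.1])
    by mail.marina.gov.ph (Postfix) with ESMTP id B34094C0EF54;
    Tue, 23 Feb 2021 18:40:40 +0800 (+08)
Received: from [192.168.0.192] (unknown [10.0.0.1])
    by mail.marina.gov.ph (Postfix) with ESMTPSA id E11FC4C0EF54;
    Tue, 23 Feb 2021 18:40:28 +0800 (+08)
Subject: DONATION
To: Recipients <test@gmail.com>
From: test@gmail.com
Date: Tue, 23 Feb 2021 11:40:13 +0100
Reply-To: azimpemji158@gmail.com
Message-Id: <20210223104028.E11FC4C0EF54@mail.marina.gov.ph>

(body omitted)
"""

# RFC 3848 / RFC 6531 "with" keywords meaning the submitting client
# authenticated to the relay (SMTP AUTH), optionally over TLS.
AUTHENTICATED_PROTOCOLS = {"ESMTPA", "ESMTPSA", "UTF8SMTPA", "UTF8SMTPSA"}


def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_received(raw):
    """Return the Received hops earliest-first as dicts with by/with/for."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())  # unfold the continuation lines
        hops.append({
            "by": _field(r"\bby\s+([\w.\-]+)", text),
            "with": _field(r"\bwith\s+([A-Za-z0-9]+)", text),
            "for": _field(r"\bfor\s+<([^>]+)>", text),
        })
    hops.reverse()  # each relay prepends, so the last header is the first hop
    return hops


def domain_of(addr):
    """Lower-cased domain part of an address header value ('' if none)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()


def aligned(host, domain):
    """Relaxed alignment in the DMARC sense: host is domain or a subdomain.
    Assumption for this example: a plain suffix test. A production check
    would reduce both sides to the organisational domain via the public
    suffix list."""
    return bool(host and domain) and (host == domain or host.endswith("." + domain))


def analyze(raw):
    """Flag the three things that give the quoted message away."""
    msg = message_from_string(raw)
    hops = parse_received(raw)
    first, last = (hops[0], hops[-1]) if hops else ({}, {})
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    from_dom = domain_of(msg.get("From"))
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    envelope_rcpt = (last.get("for") or "").lower()  # "for <...>" at our MX

    report = {
        "from_domain": from_dom,
        "origin_relay": first.get("by"),
        "origin_authenticated": first.get("with") in AUTHENTICATED_PROTOCOLS,
        "from_aligned": aligned(first.get("by"), from_dom),
        "reply_to_mismatch": bool(reply_addr) and reply_addr != from_addr,
        "hidden_recipient": bool(envelope_rcpt) and envelope_rcpt not in to_addrs,
        "findings": [],
    }
    if report["origin_authenticated"] and not report["from_aligned"]:
        report["findings"].append(
            f"From domain {from_dom} is not aligned with the authenticating relay "
            f"{report['origin_relay']} (fails DMARC relaxed alignment)")
    if report["reply_to_mismatch"]:
        report["findings"].append(f"Reply-To {reply_addr} differs from From {from_addr}")
    if report["hidden_recipient"]:
        report["findings"].append(
            f"envelope recipient {envelope_rcpt} is not in To (bulk/BCC delivery)")
    return report


if __name__ == "__main__":
    for line in analyze(SAMPLE)["findings"]:
        print("-", line)
```

The point of the alignment check is that an SPF or AUTH pass belongs to whichever domain did the authenticating; a mail client that only asks "did some check pass?" will happily render test@gmail.com as the sender even though nothing about gmail.com was ever verified. Swapping the From and Reply-To in the sample for an address under marina.gov.ph makes the first two findings disappear and leaves only the hidden-recipient one.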
Red team
BurpShiroPassiveScan
https://github.com/pmiaowu/BurpShiroPassiveScan
Super Weak Password Checker
https://github.com/shack2/SNETCracker
Traffic muddying
https://github.com/burpheart/mbtm
Self-hosted DNSLog
https://github.com/yumusb/DNSLog-Platform-Golang
HOOK-related
https://github.com/Mr-Un1k0d3r/RedTeamCCode
LSBShell
https://github.com/Ch1ngg/LSBShell
SecureCRT password decryption
https://github.com/HyperSine/how-does-SecureCRT-encrypt-password
Asset scanning
https://github.com/EdgeSecurityTeam/EHole
https://github.com/r0eXpeR/redteam_vul
Default password checking
https://github.com/0xHJK/TotalPass
Redis one-shot getshell
https://github.com/pan3a/Redis-Getshell/
Blue team
Backdoor detection tool
https://github.com/huoji120/DuckMemoryScan
High-precision IP
https://h-k.pw/ (email me to request access)